Supply management system

ABSTRACT

A method comprising: storing, in a ledger of a blockchain system, a transaction record containing information associated with a first purchase that is made in a supply chain, the supply chain including a plurality of suppliers, the first purchase being made by a first one of the plurality of suppliers from a second one of the plurality of suppliers, the transaction record containing a plurality of data items associated with the first purchase; and storing, in the ledger of the blockchain system, a logic for enforcing one or more data access policies, the logic being configured to control access to at least one of the plurality of data items in the transaction record by any given one of the plurality of suppliers based on a respective tier in the supply chain to which the given supplier belongs.

BACKGROUND

A supply chain is an entire system of producing and delivering a finalproduct, from the sourcing of various components and sub-components tothe final delivery of the product. Efficient information sharing amongdifferent suppliers in a supply chain is essential for the properfunctioning of the supply chain. Specifically, efficient informationsharing may help a supplier to mitigate disruptions occurring far downin the supply chain from the supplier. Such disruptions may be caused bygeopolitical tensions, pandemics, or global geo-economic uncertainty.

SUMMARY

This Summary is provided to introduce a selection of concepts in asimplified form that is further described below in the DetailedDescription. This Summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used to limit the scope of the claimed subject matter.

According to aspects of the disclosure, a non-transitorycomputer-readable medium is provided that stores one or moreprocessor-executable instructions which, when executed, by one or moreprocessors cause the one or more processors to perform the operationsof: storing, in a ledger of a blockchain system, a transaction recordcontaining information associated with a first purchase that is made ina supply chain, the supply chain including a plurality of suppliers, thefirst purchase being made by a first one of the plurality of suppliersfrom a second one of the plurality of suppliers, the transaction recordcontaining a plurality of data items associated with the first purchase;and storing, in the ledger of the blockchain system, a logic forenforcing one or more data access policies, the logic being configuredto control access to at least one of the plurality of data items in thetransaction record by any given one of the plurality of suppliers basedon a respective tier in the supply chain to which the given supplierbelongs, wherein the blockchain system is configured to: (i) receive,from a third one of the plurality of suppliers, a request for any givenone of the plurality of data items and (ii) generate a response to therequest based on a tier in the supply chain of the third supplier, theresponse being generated, at least in part, by executing the logic.

According to aspects of the disclosure, a method is provided comprising:one or more processors configured to perform the operations of: storing,in a ledger of a blockchain system, a transaction record containinginformation associated with a first purchase that is made in a supplychain, the supply chain including a plurality of suppliers, the firstpurchase being made by a first one of the plurality of suppliers from asecond one of the plurality of suppliers, the transaction recordcontaining a plurality of data items associated with the first purchase;and storing, in the ledger of the blockchain system, a logic forenforcing one or more data access policies, the logic being configuredto control access to at least one of the plurality of data items in thetransaction record by any given one of the plurality of suppliers basedon a respective tier in the supply chain to which the given supplierbelongs, wherein the blockchain system is configured to: (i) receive,from a third one of the plurality of suppliers, a request for any givenone of the plurality of data items and (ii) generate a response to therequest based on a tier in the supply chain of the third supplier, theresponse being generated, at least in part, by executing the logic.

According to aspects of the disclosure, a non-transitorycomputer-readable medium is provided that stores one or moreprocessor-executable instructions which, when executed, by one or moreprocessors cause the one or more processors to perform the operationsof: storing, in a ledger of a blockchain system, a transaction recordcontaining information associated with a first purchase that is made ina supply chain, the supply chain including a plurality of suppliers, thefirst purchase being made by a first one of the plurality of suppliersfrom a second one of the plurality of suppliers, the transaction recordcontaining a plurality of data items associated with the first purchase;and storing, in the ledger of the blockchain system, a logic forenforcing one or more data access policies, the logic being configuredto control access to at least one of the plurality of data items in thetransaction record by any given one of the plurality of suppliers basedon a respective tier in the supply chain to which the given supplierbelongs, wherein the blockchain system is configured to: (i) receive,from a third one of the plurality of suppliers, a request for any givenone of the plurality of data items and (ii) generate a response to therequest based on a tier in the supply chain of the third supplier, theresponse being generated, at least in part, by executing the logic.

BRIEF DESCRIPTION OF THE DRAWING FIGURES

Other aspects, features, and advantages of the claimed invention willbecome more fully apparent from the following detailed description, theappended claims, and the accompanying drawings in which like referencenumerals identify similar or identical elements. Reference numerals thatare introduced in the specification in association with a drawing figuremay be repeated in one or more subsequent figures without additionaldescription in the specification in order to provide context for otherfeatures.

FIG. 1 is a diagram of an example of a transaction node, according toaspects of the disclosure;

FIG. 2A is a diagram of an example of a supply chain, according toaspects of the disclosure;

FIG. 2B is a diagram of an example of a system, according to aspects ofthe disclosure;

FIG. 3A is a diagram of an example of a blockchain system, according toaspects of the disclosure;

FIG. 3B is a diagram of an example of a blockchain system, according toaspects of the disclosure;

FIG. 4 is a flowchart of an example of a process, according to aspectsof the disclosure;

FIG. 5A is a flowchart of an example of a process, according to aspectsof the disclosure;

FIG. 5B is a flowchart of an example of a process, according to aspectsof the disclosure;

FIG. 6A is a flowchart of an example of a process, according to aspectsof the disclosure;

FIG. 6B is a flowchart of an example of a process, according to aspectsof the disclosure;

FIG. 7 is a flowchart of an example of a process, according to aspectsof the disclosure; and

FIG. 8 is a diagram of an example of a computing device, according toaspects of the disclosure.

DETAILED DESCRIPTION

According to the present disclosure, a multi-tier supply chainmanagement system is provided. The system enables the sharing of dataamong suppliers from different tiers of a supply chain. The systemintelligently integrates a supply-chain tier model in its operations.Specifically, the system shares various types of information withdifferent suppliers in the supply chain based on the tier of thesuppliers. Examples of information that is shared include informationabout a supplier that is party to a specific transaction, the capacityof a supplier to produce a part that is subject to the transaction, thecost of the part, information about the quality of the part, orinformation about various compliance policies that are implemented bythe supplier with respect to the part. The multi-tier supply chainmanagement system enables comprehensive end-to-end traceability ofmaterials within a supply chain, as well as a secure sharing oftransaction information between suppliers from non-consecutive tiers ofthe supply chain.

FIG. 1 is a diagram of an example of a transaction record 100, accordingto aspects of the disclosure. The transaction record 100 may include adata structure (or portion thereof), which is stored in the ledger of ablockchain system. The transaction record 100 may include informationassociated with the purchase of an item (e.g., a part) from a firstsupplier in a supply chain by a second supplier in the supply chain. Thetransaction record 100 may include an identifier 102 of the seller, anidentifier 104 of the purchaser, an identifier 106 of the item that isbeing purchased, an identifier 108 of the quantity that is purchased, anidentifier 110 of the price of the item, and an identifier 112 of anexpected time of delivery. Although not shown in FIG. 1 , thetransaction record 100 may include additional information, such asinformation about policy compliance, a part datasheet, and/or anysuitable type of information. The transaction record 100 may beimplemented as a standalone data structure or part of a larger datastructure.

The transaction record 100 may include a plurality of access restrictionsettings. Each access restriction setting may include a number, astring, or an alphanumerical string that specifies access permissionsfor a particular data item (or group of data items). Each of the accessrestriction settings may identify one or more of: (i) a specificsupplier (or customer) that is permitted to view a given data item thatis associated with the access restriction setting, (ii) a specific tierin the supply chain whose constituent suppliers are permitted to viewthe given data item, (iii) a specific supplier (or customer) that is notpermitted to view the given data item, (iv) a specific tier in thesupply chain whose constituent suppliers are not permitted to view thegiven data item. In other words, each of the access restriction settingsmay include: (i) a supplier identifier that uniquely identifies thesupplier among a plurality of suppliers and/or (ii) a tier identifierthat uniquely identifies a tier in the supply chain 200 among aplurality of tiers in the supply chain 200. According to the presentexample, access restriction setting 103 is associated with data item102; access restriction setting 105 is associated with data item 104;access restriction setting 107 is associated with data item 106; accessrestriction setting 109 is associated with data item 108; accessrestriction setting 111 is associated with data item 110; and accessrestriction setting 113 is associated with data item 112. Although theaccess restriction settings are depicted as being integrated into thetransaction record 100, alternative implementations are possible inwhich they are provided separately from the transaction record 100.

Although in the present example the transaction record 100 is associatedwith a specific transaction, alternative implementations are possible inwhich the transaction record is not associated with any specifictransaction. Irrespective of whether the transaction record 100 isassociated with a particular transaction, the transaction record mayalso include information that is not specific to any individualtransaction, such as information about a supplier's capacity, datasheetsfrom parts that are provided by the supplier, information about thecompliance of the manufacturer with various standards and policies.

FIG. 2A is a diagram of an example of a supply chain 200, according toaspects of the disclosure. The supply chain 200 includes tier-3suppliers 203, tier-2 suppliers 202, tier-1 suppliers 202, amanufacturer 210, and a customer 220. Supplier 203-1 may manufacturepart #7; supplier 203-2 may manufacture part #8, supplier 203-3 maymanufacture part #9, supplier 203-4 may manufacture part #10, supplier203-5 may manufacture part #11, supplier 203-6 may manufacture part #12,supplier 203-7 may manufacture part #13, and supplier 203-8 maymanufacture part #14.

Supplier 202-1 may receive parts #7 and #8 from suppliers 203-1 and203-2, respectively, and assemble part #3 from parts #7 and #8. Supplier202-2 may receive parts #9 and #10 from suppliers 203-3 and 203-4,respectively, and assemble part #4 from parts #9 and #10. Supplier 202-3may receive parts #11 and #12 from suppliers 203-5 and 203-6,respectively, and assemble part #5 from parts #11 and #12. Supplier202-4 may receive parts #13 and #14 from suppliers 203-7 and 203-8,respectively, and assemble part #6 from parts #13 and #14. Supplier201-1 may receive parts #3 and #4 from suppliers 202-1 and 202-2,respectively, and assemble part #1 from parts #3 and #4. Supplier 201-2may receive parts #5 and #6 from suppliers 202-3 and 202-4,respectively, and assemble part #2 from parts #5 and #6. Manufacturer210 may receive parts #1 and #2 from suppliers 201-1 and 201-2respectively, and assemble those parts into a finished product. Customer220 may purchase the finished product from manufacturer 210.

The operation of the supply chain 200 may depend on differenttransactions between individual suppliers in the supply chain 200. Foreach transaction, a respective transaction record may be stored in theledger 320 of the blockchain system 280 (shown in FIG. 3A).Specifically, a transaction record 243-1 may be stored in the ledger 320for the purchase of part #7 by supplier 202-1 from supplier 203-1; atransaction record 243-2 may be stored in the ledger 320 for thepurchase of part #8 by supplier 202-1 from supplier 203-2; a transactionrecord 243-3 may be stored in the ledger 320 for the purchase of part #9by supplier 202-2 from supplier 203-3; a transaction record 243-4 may bestored in the ledger 320 for the purchase of part #10 by supplier 202-2from supplier 203-4; a transaction record 243-5 may be stored in theledger 320 for the purchase of part #11 by supplier 202-3 from supplier203-5; a transaction record 243-6 may be stored in the ledger 320 forthe purchase of part #12 by supplier 202-3 from supplier 203-6; atransaction record 243-7 may be stored in the ledger 320 for thepurchase of part #13 by supplier 202-4 from supplier 203-7; atransaction record 243-8 may be stored in the ledger 320 for thepurchase of part #14 by supplier 202-4 from supplier 203-8; atransaction record 242-1 may be stored in the ledger 320 for thepurchase of part #3 by supplier 201-1 from supplier 202-1; a transactionrecord 242-2 may be stored in the ledger 320 for the purchase of part #4by supplier 201-1 from supplier 202-2; a transaction record 242-3 may bestored in the ledger 320 for the purchase of part #5 by supplier 201-2from supplier 202-3; a transaction record 242-4 may be stored in theledger 320 for the purchase of part #6 by supplier 201-2 from supplier202-4; a transaction record 250-1 may be stored in the ledger 320 forthe purchase of part #1 by manufacturer 210 from supplier 201-1; atransaction record 250-2 may be stored in the ledger 320 for thepurchase of part #2 by manufacturer 210 from supplier 201-2; and atransaction record 250-3 may be stored in the ledger 320 for thepurchase of the finished product by the customer 220. Although thesupply chain 200 is depicted as including a single customer, it will beunderstood that, in practice, the supply chain 200 could include anynumber of customers.

As used throughout the disclosure, the term “tier of a supplier” refersto how far removed a supplier is from a finished product that isproduced by a supply chain. For example, a tier-0 supplier may be thesupplier that produces the finished product (e.g., manufacturer 210 inthe example of FIG. 2 ). A tier-1 supplier may produce parts that areassembled into the finished product by a tier-1 supplier. A tier-2supplier may produce parts that are assembled by tier-1 suppliers, andso forth.

By definition, any transaction in a supply chain necessarily takes placebetween suppliers from consecutive tiers in the supply chain(hereinafter “a purchaser” and “a seller”). Some of the informationabout the transaction may be desired to be shared with other suppliersin the supply chain, while other information regarding the transactionmay be desired to be kept secret from everyone in the supply chain,except for the supplier and the seller. Consider a transaction between atier-1 supplier and a tier-2 supplier of a supply. Price informationassociated with the transaction may be desired to be kept confidentialfrom a tier-0 supplier of the supply chain, whereas information aboutany delays in executing the transaction may be desired to be shared withthe tier-0 supplier. As is discussed further below, a blockchain system280 is provided, which enables the selective sharing of information withdifferent suppliers in a supply chain based on the respective tiers ofthe suppliers in the supply chain. The operation of the blockchainsystem 280 is discussed further below with respect to FIGS. 2B-8 .

FIG. 2B is a diagram of an example of a system 270, according to aspectsof the disclosure. As illustrated, the system 270 may include aplurality of computing devices 272, an authentication database 273, anexternal data store 274, a tier data store 275, and a blockchain system280 that are coupled to one another via a communications network 276.The communications network 276 may include one or more of a local areanetwork (LAN), a wide area network (WAN), a cellular network (e.g., a 5Gnetwork), the Public Switched Telephone Network (PTSN), the Internet,and/or any other suitable type of communications network.

Each of the computing devices 272 may be the same or similar to thecomputing device 800, which is discussed further below with respect toFIG. 8 . Each of the computing devices 272 may be used by a differentone of the suppliers 203, 202, 201, the manufacturer 210, and thecustomer 220 to store and retrieve data from the blockchain system 280.

The blockchain system 280 may include any suitable type ofcryptographically auditable platform that is configured to providesecure access to information associated with transactions in a supplychain. The blockchain system 280 may include any suitable type ofblockchain system, such as a public blockchain, a private blockchain, ora hybrid blockchain system. According to the present example, theblockchain system 280 is implemented as a peer-to-peer network includingthe computing devices 272. Although in the present example the computingdevices 272 are configured to operate as nodes in the blockchain system280, alternative implementations are possible in which the computingdevices 272 are external to the blockchain system 280.

The authentication database 273 may include a database forauthenticating the credentials of entities that attempt to retrieve orstore information in the ledger of the blockchain system 280. Theexternal data store 274 may include one or more computing devices thatare configured to store information. The tier data store 275 may includeone or more computing devices that identify the topology of the supplychain 200. In some implementations, the tier data store 275 may storeone or more data structures that identify all (or at least some) of thesuppliers that are part of the supply chain 200, as well as therespective tiers of the suppliers. For any of the suppliers in thesupply chain 200, the one or more data structures may store anidentifier of the supplier and an indication of the respective tier ofthe supplier in the supply chain 200.

FIG. 3A is a diagram of the blockchain system 280, according to oneaspect of the disclosure. Shown in FIG. 3A is a ledger 320 of theblockchain system 280. As illustrated, the ledger 320 may be configuredto store the transaction records 243, 242, and 250, which are discussedabove with respect to FIG. 2A. Each of the transaction records 243, 242,and 250 may be the same or similar to the transaction record 100, whichis discussed above with respect to FIG. 1 .

The ledger 320 may be further configured to store entity definitions342. Each of the entity definitions 342 may correspond to a differentsupplier in the supply chain 200 or to a respective customer. In someimplementations, for each of the suppliers in the supply chain 200, adifferent entity definition 342 may be provided that contains anidentifier of the supplier and an indication of a tier in the supplychain 200 to which the supplier belongs. In some implementations, forany customer in the supply chain 200, a different entity definition maybe provided that includes an identifier of the customer along with anindication that the entity definition belongs to a customer (rather thana supplier). Each of the entity definitions 342 may be implemented as astandalone data structure or as a portion of a larger data structure.

The ledger 320 may be further configured to store a plurality ofpublic/private key pairs 341. Each pair 341 may correspond to adifferent supplier in the supply chain 200 and include a publicencryption key that belongs to the supplier and a private encryption keythat belongs to the supplier. The private key in each pair 341 may beone that is accessible only from within the blockchain system 280. Forexample, the private key in each pair 341 may be accessible only bysmart contract logic that is executed by the blockchain system 280. Asanother example, the public key of any supplier in the supply chain 200may be known to other suppliers in the supply chain 200, whereas theprivate key of any supplier in the supply chain 200 may be hidden fromall other suppliers in the supply chain 200.

The ledger 320 may be further configured to store one or more smartcontracts 331, one or more smart contracts 332, and one or more smartcontracts 333. Each of the smart contracts 331, 332, and 333 may includelogic that is executed by nodes in the blockchain system 280, by using aconsensus-building mechanism of the blockchain system 280.

The smart contract(s) 331 may include logic that is configured to search(or otherwise examine) the entity definitions 342 to determine the role(e.g., the tier) in the supply chain 200 of a particular entity (e.g., aparticular supplier). For example, the logic may receive as input anidentifier of a supplier and return an indication of the tier of thesupplier. As another example, the logic may receive as input anidentifier of an entity (e.g., a customer or a supplier) and return anindication of whether the entity is a supplier or customer. As yetanother example, the logic may be configured to receive a request togenerate a new entity definition 342 and execute the request by creatingthe new entity definition 342. The request may include an identifier ofa supplier and an indication of the supplier's tier in the supply chain200. As used throughout the disclosure, the term “logic” may refer toelectronic circuitry and/or one or more processor-executableinstructions that cause at least one processor to perform an action whenthey are executed by the processor.

The smart contract(s) 332 may include logic for setting or retrievingaccess restriction settings for different data items in the transactionrecords 243, 242, and 250. For example, the logic may be configured toreceive a request including (i) an identifier of a data item, (ii) anidentifier of a transaction or transaction record which the data item ispart of (or associated with), and (iii) an identifier of a supplier (oranother entity) that is attempting to retrieve the data item. Inresponse to the request, the logic may return an indication of whetherthe supplier (or other entity) is permitted to view the data item. Asanother example, the logic may be configured to receive a requestincluding (i) an identifier of a data item, (ii) an identifier of atransaction or transaction record which the data item is part of (orassociated with), and (iii) an identifier of a tier in the supply chain200. In response to the request, the logic may return an indication ofwhether the suppliers that are part of the tier are authorized to viewthe data item. As another example, the logic may be configured toreceive a request to grant or deny (to a supplier/entity or to a tier inthe supply chain 200) permission to view a data item. In response to therequest, the logic may modify the access restriction setting that isassociated with the data item.

The smart contract(s) 333 may include logic for instantiating any of thetransaction records 243, 242, and 250. The logic may also be configuredto store or retrieve data from any of the transaction records. In someimplementations, the logic may be configured to perform at least aprocess 600A or a process 600B, both of which are discussed furtherbelow with respect to FIGS. 6A-B.

FIG. 3A is provided as an example only. It will be understood that thepresent disclosure is not limited to any specific organization of theblockchain system 280. For example, any two (or more) of the datastructures 243, 242, 250, 342, and 341 may be integrated into a singledata structure or subdivided differently. Furthermore, any two (or more)of the smart contracts 331, 332, and 333 may be integrated into a singlesmart contract or subdivided differently. And still furthermore, any ofthe data structures 243, 242, 250, 342, and 341 (or portion thereof) maybe integrated into a respective one of smart contracts 331, 332, and333.

FIG. 3B is a high-level diagram illustrating a processing stack that isimplemented by the blockchain system 280. The processing stack mayinclude a tier assembly component 335, a transaction component 334, acollaboration component 336, and a multi-party access component 338.

The tier assembly component 335 may be configured to generate the entitydefinitions 342. The tier assembly component 335 may be implemented byusing smart contracts and/or other logic. The tier-assembly component335 may include the access management smart contract(s) 332 (or portionthereof) and/or other logic. In some implementations, the tier assemblycomponent 335 may be configured to perform a process 700, which isdiscussed further below with respect to FIG. 7

The transaction component 334 may be configured to generate thetransaction records 243, 242, and 250. The transaction component 334 mayinclude the data management smart contract(s) 333 (or portion thereof)and/or other logic. The transaction component 334 may specify a metadatamodel for the transaction records, and provide methods and routines thatregulate data access rights, permission policies, and data encryption.In some implementations, the collaboration component 336 may beconfigured to execute processes 600A and 600B, which are discussedfurther below with respect to FIGS. 6A-B.

The collaboration component 336 may be configured to enforce data accesspolicies that apply to different data items in a transaction record. Thecollaboration component 336 may include the access policy managementsmart contract(s) 332 (or portion thereof), the tier validation smartcontract(s) 331 (or portion thereof), and/or other logic. Thecollaboration component 336 may be configured to perform processes 500Aand 500B, which are discussed further below with respect to FIGS. 5A-B.

The collaboration component 336 may be configured to receive (throughcomponent 338) supplier data from different facilities and suppliers,store the supplier data in the ledger 320 along with correspondingmetadata, and send the supplier data to another supplier who has gainedpermission from the data owner. Specifically, the collaborationcomponent 336 may provide the following Application ProgrammingInterfaces (APIs): (1) Submit Data, (2) Set Data Permission, and (3)Retrieve Data.

Executing the Submit Data API may cause the collaboration component 336to interact with the transaction component 334 to generate a transactiondata record for a particular transaction (if the record has not alreadybeen created), and store supplier data in the transaction record. Insome implementations, the Submit Data API may process supplier data(e.g., by adding metadata to it) and call the transaction component 334to record the processed supplier data to the ledger 320. The Submit DataAPI may also store an encrypted version of the supplier data to theexternal data store 274.

Executing the Set Data Permission API may cause the collaborationcomponent 336 to change access restriction settings for differentsupplier data items. In some implementations, the Set Data PermissionAPI may interact with the transaction component 334 to develop accessrestriction policies and methods.

Executing the Retrieve Data API may cause the collaboration component336 to retrieve data from any of the transaction records 243, 242, and250 and provide the retrieved data to the entity that invoked theRetrieve Data API. The Retrieve Data API may call smart contracts in thetransaction component 334 to retrieve encrypted supplier data from theledger 320, verify encrypted supplier data authenticity, and decrypt theencrypted data to obtain the original data. The authenticity ofdecrypted data may be verified by decrypting the encrypted data with aprivate key corresponding to the owner of the data (i.e., the supplierwho stored the data in the ledger 320).

The multi-party access component 338 may provide an interface (toexternal clients) for accessing the services of the blockchain system280. The component 338 may be configured the verify the identity of asupplier and cooperate with the collaboration component 336 to executean action that is requested by the supplier (if the supplier's identityhas been authenticated successfully). The multi-party access component338 may be configured to perform a process 400, which is discussedfurther below with respect to FIG. 4 .

FIG. 4 is a flowchart of an example of a process 400, according toaspects of the disclosure.

At step 402, the multi-party access component 338 receives a request toperform an action. The action may include storing supplier data in theledger 320, retrieving supplier data from the ledger 320, setting accessrestrictions for supplier data, and or any other suitable type ofaction. The request may be received from one of the suppliers orcustomers in the supply chain 200. The request may include one or moreparameters. For example, when the request is to store supplier data, theone or more parameters may include the supplier data. As anotherexample, when the request is to set (or change) one or more accessrestriction settings, the one or more parameters may include the newvalues of the access restriction settings. As noted, the request may bereceived from any of the suppliers 201, 202, 203, the manufacturer 210or the customer 220. Under the nomenclature of the present disclosure,the entity from which the request is received is also referred to as“the maker of the request.”

At step 404, the multiparty-access component attempts to authenticatethe maker of the request. Authenticating the maker of the request mayinclude authenticating credentials that are provided together with orseparately from the request. The credentials may be authenticated byusing the authentication database 273.

At step 406, the multi-party access component 338 determines if theauthentication is successful. If the authentication is not successful,the process 400 proceeds to step 408. Otherwise, if the authenticationis successful, the process 400 proceeds to step 410.

At step 408, the multiparty-access component 338 returns a responserejecting the request. The response may be returned to the maker of therequest.

At step 410, the multi-party access component 338 forwards the requestto the collaboration component 336. Forwarding the request to thecollaboration component 336 may include providing the collaborationcomponent 336 with one or more of (i) an indication of the action thatis desired to be performed, (ii) one or more parameters of the request,and/or (iii) an indication that the supplier has been authenticatedsuccessfully.

At step 412, the multi-party access component 338 receives, from thecollaboration component 336, a response to the request that istransmitted at step 410.

At step 414, the multi-party access component 338 forwards the responseto the maker of the request.

FIG. 5A is a flowchart of an example of a process 500A according toaspects of the disclosure.

At step 502, the collaboration component 336 receives a request to storesupplier data in the ledger 320. The request may be received from themulti-party access component 338. The request may include supplier datathat is desired to be stored in the blockchain system 280. The receivedrequest may be the one that is transmitted at step 410 of the process400.

At step 504, the collaboration component 336 processes the supplier datato produce processed supplier data. Processing the supplier data mayinclude converting the supplier data to a standardized metadata format.For example, the supplier data (receive at step 502) may be a statusupdate for a transaction. The status update may include the followingraw supplier data: “123/expected delivery=6/6/2022.” Upon receiving thestatus update, the collaboration component 336 may convert the rawsupplier data to the following standardized supplier data“transaction_id=123; order_shipped=true; eta=6/6/2022”. The standardizedsupplier data may follow a standard metadata model. The raw supplierdata may follow a metadata model that is specific to the supplier whichsubmitted the raw supplier data. Different suppliers that interact withthe blockchain system 280 may use different metadata models forrecording information. Converting supplier data to the standardizedmetadata model may ensure that all data stored in the transactionrecords 243, 242, and 250 has the same format.

At step 506, the collaboration component 336 transmits to thetransaction component 334 a request to store the processed (e.g.,standardized) supplier data (generated at step 504).

At step 508, the collaboration component 336 sets one or more accessrestrictions for the supplier data. For any (or each) data item in theprocessed supplier data (generated at step 504), the collaborationcomponent 336 may set the value of a respective access restrictionsetting. The value may be set by executing the access policy managementsmart contract(s) 332.

At step 510, the collaboration component 336 may provide portions of theprocessed supplier data to third suppliers. The supplier data may bedata associated with a specific transaction between a first supplier anda second supplier (e.g., a purchaser and a seller, etc.). Both the firstsupplier and the second supplier may be part of the supply chain 200. Athird supplier is another supplier in the supply chain 200 that isneither the first supplier nor the second supplier. The third suppliermay or may not be from a different tier of the supplier chain 200 thanthe first supplier and/or the second supplier. Specifically, at step510, for each (or any) data item in the processed supplier data, thecollaboration component 336 may (i) identify an access restrictionsetting for the data item, (ii) identify one or more suppliers that arepermitted to view the data item based on the access restriction setting,and (iii) instruct the multi-party access component 338 to provide thedata item to the suppliers which are permitted to view the data item. Ininstances in which the access restriction setting for a data itemindicates that an entire tier in the supply chain 200 is permitted toview the data item, the data item may be disseminated by thecollaboration component 336 to all suppliers in the tier. For example,the collaboration component 336 may instruct the multi-party accesscomponent 338 to provide the data item to all of the suppliers in thetier.

FIG. 5B is a flowchart of an example of a process 500B, according toaspects of the disclosure. At step 522, the collaboration component 336receives a request to retrieve supplier data from the ledger 320. Therequest may be received from the multi-party access component 338. Therequest may be the one that is transmitted at step 410 of the process400. The request may identify one or more of: (i) a transaction or atransaction record corresponding to the transaction, and (ii) a specificdata item that is desired to be retrieved from the transaction recordcorresponding to the transaction. At step 524, the collaborationcomponent 336 determines if the maker of the request is authorized toretrieve the supplier data from the ledger 320. The determination can bemade by executing the access policy management smart contract(s) 332and/or by executing the tier validation smart contract(s) 331. If themaker of the request is not authorized to retrieve the requestedsupplier data item, the process 500B proceeds to step 526. Otherwise, ifthe maker of the request is authorized to retrieve the requestedsupplier data item, the process 500B proceeds to step 528. At step 526,the collaboration component 336 returns a response rejecting therequest. The response is returned to the multi-party access component338. At step 528, the collaboration component 336 forwards the requestto the transaction component 334. At step 530, the collaborationcomponent 336 receives a response to the request from the transactioncomponent 334. The response may include the requested supplier data itemor an indication that the supplier data cannot be obtained. At step 532,the collaboration component 336 returns the received response to themulti-party access component 338.

In some implementations, at step 524, the collaboration component 336may execute the smart contract(s) 331 to determine the tier in thesupply chain 200 of the maker of the request (e.g., a supplier fromwhich the initial request is received at step 402). Afterwards, thecollaboration component 336 may execute the smart contract(s) 332 todetermine if the tier of the maker of the request is authorized to viewthe data item that is requested. For example, the collaborationcomponent 336 may submit to the smart contract(s) 332 an indication ofthe tier of the maker of the request (as well as an identifier of therequested data item and a corresponding transaction/transaction record).In response, the collaboration component 336 may receive a responseindicating whether all members of the tier are authorized to view therequested data item. If the requested data item is made available to allmembers of the tier of the maker of the request, the collaborationcomponent 336 may determine that the maker of the request is authorizedto retrieve the data item. Otherwise, the collaboration component 336may determine that the maker of the request is not authorized to obtainthe data item. In some respects, executing the smart contract 331 allowsthe collaboration component 336 to use a consensus-building mechanism ofthe blockchain system 280 to verify the tier of the maker of therequest. In some respects, executing the smart contract 332 allows thecollaboration component 336 to use a consensus-building mechanism of theblockchain system 280 to verify the access permissions for the dataitem. The terms “access permission”, “access restriction”, and “accesspolicy” are used interchangeably throughout the disclosure.

FIG. 6A is a flowchart of an example of a process 600A, according toaspects of the disclosure. At step 602, the transaction component 334receives a request to store supplier data in the blockchain system 280.The supplier data may be the same or similar to the processed supplierdata that is generated at step 504 of the process 500A. The supplierdata may include one or more supplier data items. The request may beretrieved from the collaboration component 336. The request may be theone that is transmitted at step 506 of the process 500A. According tothe present example, the maker of the request is one of the suppliers inthe supply chain 200. At step 604, the transaction component identifiesthe public key that is associated with the supplier making the request.The public key may be part of one of the key pairs 341 that isassociated with the supplier making the request. In someimplementations, the supplier data may be associated with a transaction,and the supplier making the request may be either the purchaser or theseller in the transaction. At step 606, the transaction component 334generates a random encryption key. At step 608, the transactioncomponent 334 encrypts the supplier data with the random encryption key.At step 610, the transaction component 334 encrypts the randomencryption key with the public key (identified at step 604). At step612, the transaction component 334 identifies a transaction record thatis associated with the supplier data. Identifying the transaction recordmay include obtaining a transaction ID that is received with the requestto store the supplier data and performing a search of the ledger 320 toidentify a transaction record that is associated with the transaction.If no transaction record is available, the transaction component 334 mayinstantiate (in the ledger 320) a new transaction record that isassociated with the transaction. At step 614, the transaction component334 stores the encrypted random key and the encrypted supplier data inthe transaction record that is identified or created at step 612.

FIG. 6B is a flowchart of an example of a process 600B, according toaspects of the disclosure. At step 622, the transaction component 334receives a request to retrieve supplier data from the blockchain ledger320. The request may be received from the collaboration component 336.The request may be the one that is transmitted at step 528 of theprocess 500B. In some implementations, the request may include at leastone of: (i) a transaction or a transaction record corresponding to thetransaction, and (ii) a data item (or multiple data items) that aredesired to be retrieved from the identified transaction record. At step624, the transaction component 334 identifies a transaction record thatis associated with the request. As noted above, the transaction recordmay be identified based on information contained in the request. At step626, the transaction component 334 retrieves an encrypted copy ofsupplier data from the record (identified at step 626). At step 628, thetransaction component 334 retrieves, from the transaction record(identified at step 624), an encrypted copy of a random key that can beused to decrypt the supplier data. At step 630, the transactioncomponent 334 retrieves a private key that corresponds to the public keyused to encrypt the random key. The private key may be part of the samepair 341 as the public key. At step 632, the transaction component 334decrypts the random key with the private key. At step 634, thetransaction component 334 decrypts the supplier data with the decryptedrandom key. At step 636, the transaction component 334 returns thedecrypted supplier data. In some implementations, the transactioncomponent may extract from the decrypted supplier data the supplier dataitems that are requested and return only those supplier data items.

FIG. 7 is flowchart of an example of a process 700, according to aspectsof the disclosure. At step 702, the tier assembly component 335identifies the suppliers that are part of the supply chain 200.Identifying the suppliers may include retrieving a respective identifierof each of the suppliers from the tier data store 275. At step 704, thetier assembly component 335 identifies the respective tier in the supplychain 200 of each of the suppliers (identified at step 702). Identifyingthe respective tier of each of the suppliers may include retrieving anidentifier of the respective tier from the tier data store 275. At step706, the tier assembly component 335 generates a respective entitydefinition 342 for each of the identified suppliers and stores thegenerated entity definition in the ledger 320. Generating the entitydefinition for any of the suppliers may include instantiating thedefinition, inserting an identifier of the supplier in the instantiateddefinition, and inserting an identifier of the tier of the supplier, inthe supply chain 200, in the instantiated definition. Although in theexample of FIG. 7 the process 700 generates entity definitions forsuppliers only, alternative implementations are possible in which theprocess 700 generates entity definitions for both suppliers andcustomers.

Referring to FIG. 8 , computing device 800 may include processor 802,volatile memory 804 (e.g., RAM), non-volatile memory 806 (e.g., a harddisk drive, a solid-state drive such as a flash drive, a hybrid magneticand solid-state drive, etc.), graphical user interface (GUI) 808 (e.g.,a touchscreen, a display, and so forth) and input/output (I/O) device820 (e.g., a mouse, a keyboard, etc.). Non-volatile memory 806 storescomputer instructions 812, an operating system 816 and data 818 suchthat, for example, the computer instructions 812 are executed by theprocessor 802 out of volatile memory 804. Program code may be applied todata entered using an input device of GUI 808 or received from I/Odevice 820.

Processor 802 may be implemented by one or more programmable processorsexecuting one or more computer programs to perform the functions of thesystem. As used herein, the term “processor” describes an electroniccircuit that performs a function, an operation, or a sequence ofoperations. The function, operation, or sequence of operations may behard-coded into the electronic circuit or soft coded by way ofinstructions held in a memory device. A “processor” may perform thefunction, operation, or sequence of operations using digital values orusing analog signals. In some embodiments, the “processor” can beembodied in an application-specific integrated circuit (ASIC). In someembodiments, the “processor” may be embodied in a microprocessor withassociated program memory. In some embodiments, the “processor” may beembodied in a discrete electronic circuit. The “processor” may beanalog, digital or mixed-signal. In some embodiments, the “processor”may be one or more physical processors or one or more “virtual” (e.g.,remotely located or “cloud”) processors.

The term “or” is intended to mean an inclusive “or” rather than anexclusive “or”. That is, unless specified otherwise, or clear fromcontext, “X employs A or B” is intended to mean any of the naturalinclusive permutations. That is, if X employs A; X employs B; or Xemploys both A and B, then “X employs A or B” is satisfied under any ofthe foregoing instances. In addition, the articles “a” and “an” as usedin this application and the appended claims should generally beconstrued to mean “one or more” unless specified otherwise or clear fromcontext to be directed to a singular form.

To the extent directional terms are used in the specification and claims(e.g., upper, lower, parallel, perpendicular, etc.), these terms aremerely intended to assist in describing and claiming the invention andare not intended to limit the claims in any way. Such terms do notrequire exactness (e.g., exact perpendicularity or exact parallelism,etc.), but instead it is intended that normal tolerances and rangesapply. Similarly, unless explicitly stated otherwise, each numericalvalue and range should be interpreted as being approximate as if theword “about”, “substantially” or “approximately” preceded the value ofthe value or range.

Moreover, the terms “system,” “component,” “module,” “interface,”,“model” or the like are generally intended to refer to acomputer-related entity, either hardware, a combination of hardware andsoftware, software, or software in execution. For example, a componentmay be, but is not limited to being, a process running on a processor, aprocessor, an object, an executable, a thread of execution, a program,and/or a computer. By way of illustration, both an application runningon a controller and the controller can be a component. One or morecomponents may reside within a process and/or thread of execution and acomponent may be localized on one computer and/or distributed betweentwo or more computers.

Although the subject matter described herein may be described in thecontext of illustrative implementations to process one or more computingapplication features/operations for a computing application havinguser-interactive components the subject matter is not limited to theseparticular embodiments. Rather, the techniques described herein can beapplied to any suitable type of user-interactive component executionmanagement methods, systems, platforms, and/or apparatus.

While the exemplary embodiments have been described with respect toprocesses of circuits, including possible implementation as a singleintegrated circuit, a multi-chip module, a single card, or a multi-cardcircuit pack, the described embodiments are not so limited. As would beapparent to one skilled in the art, various functions of circuitelements may also be implemented as processing blocks in a softwareprogram. Such software may be employed in, for example, a digital signalprocessor, micro-controller, or general-purpose computer.

Some embodiments might be implemented in the form of methods andapparatuses for practicing those methods. Described embodiments mightalso be implemented in the form of program code embodied in tangiblemedia, such as magnetic recording media, optical recording media,solid-state memory, floppy diskettes, CD-ROMs, hard drives, or any othermachine-readable storage medium, wherein, when the program code isloaded into and executed by a machine, such as a computer, the machinebecomes an apparatus for practicing the claimed invention. Describedembodiments might also be implemented in the form of program code, forexample, whether stored in a storage medium, loaded into and/or executedby a machine, or transmitted over some transmission medium or carrier,such as over electrical wiring or cabling, through fiber optics, or viaelectromagnetic radiation, wherein, when the program code is loaded intoand executed by a machine, such as a computer, the machine becomes anapparatus for practicing the claimed invention. When implemented on ageneral-purpose processor, the program code segments combine with theprocessor to provide a unique device that operates analogously tospecific logic circuits. Described embodiments might also be implementedin the form of a bitstream or other sequence of signal valueselectrically or optically transmitted through a medium, storedmagnetic-field variations in a magnetic recording medium, etc.,generated using a method and/or an apparatus of the claimed invention.

It should be understood that the steps of the exemplary methods setforth herein are not necessarily required to be performed in the orderdescribed, and the order of the steps of such methods should beunderstood to be merely exemplary. Likewise, additional steps may beincluded in such methods, and certain steps may be omitted or combined,in methods consistent with various embodiments.

Also, for purposes of this description, the terms “couple,” “coupling,”“coupled,” “connect,” “connecting,” or “connected” refer to any mannerknown in the art or later developed in which energy is allowed to betransferred between two or more elements, and the interposition of oneor more additional elements is contemplated, although not required.Conversely, the terms “directly coupled,” “directly connected,” etc.,imply the absence of such additional elements.

As used herein in reference to an element and a standard, the term“compatible” means that the element communicates with other elements ina manner wholly or partially specified by the standard, and would berecognized by other elements as sufficiently capable of communicatingwith the other elements in the manner specified by the standard. Thecompatible element does not need to operate internally in a mannerspecified by the standard.

It will be further understood that various changes in the details,materials, and arrangements of the parts which have been described andillustrated in order to explain the nature of the claimed inventionmight be made by those skilled in the art without departing from thescope of the following claims.

1. A method, comprising: storing, in a ledger of a blockchain system, atransaction record containing information associated with a firstpurchase that is made in a supply chain, the supply chain including aplurality of suppliers, the first purchase being made by a first one ofthe plurality of suppliers from a second one of the plurality ofsuppliers, the transaction record containing a plurality of data itemsassociated with the first purchase; and storing, in the ledger of theblockchain system, a logic for enforcing one or more data accesspolicies, the logic being configured to control access to at least oneof the plurality of data items in the transaction record by any givenone of the plurality of suppliers based on a respective tier in thesupply chain to which the given supplier belongs, wherein the blockchainsystem is configured to: (i) receive, from a third one of the pluralityof suppliers, a request for any given one of the plurality of data itemsand (ii) generate a response to the request based on a tier in thesupply chain of the third supplier, the response being generated, atleast in part, by executing the logic.
 2. The method of claim 1, whereinthe block chain system is configured to store one or more datastructures that identify a respective tier of each of a plurality ofsuppliers in a supply chain.
 3. The method of claim 1, whereingenerating a response to the request includes identifying a tier of thethird supplier by using a consensus-building mechanism that is providedby the blockchain system, and evaluating, based on the identified tier,an access policy that controls access to the given data item.
 4. Themethod of claim 1, wherein the blockchain system is further configuredto: receive a request to store the given data item; identify a publicencryption key that belongs to at least one of the first supplier andthe second supplier; generate an encryption key; encrypt the given dataitem with the generated encryption key to produce an encrypted instanceof the given data item; encrypt the generated encryption key with thepublic encryption key to produce an encrypted instance of the generatedencryption key; and store the encrypted instance of the generatedencryption key and the encrypted instance of the given data item in aledger of the blockchain system.
 5. The method of claim 1, whereingenerating the response includes: retrieving an encrypted instance ofthe given data item that is encrypted, at least in part, by using apublic key that belong to one of the first supplier and the secondsupplier; decrypting the encrypted instance of the given data item toproduce a decrypted instance of the given data item, the decryptingbeing performed by using a private key that is associated with thepublic key, the private key being accessible only from within theblockchain system; and returning the decrypted instance of the givendata item.
 6. The method of claim 1, wherein the first supplier, thesecond supplier, and the third supplier are different suppliers.
 7. Themethod of claim 1, wherein the tier of the third supplier indicates howfar removed is the third supplier from a finished product that isproduced by the supply chain.
 8. The method of claim 1, wherein thelogic is part of a smart contract.
 9. A system, comprising: one or moreprocessors configured to perform the operations of: storing, in a ledgerof a blockchain system, a transaction record containing informationassociated with a first purchase that is made in a supply chain, thesupply chain including a plurality of suppliers, the first purchasebeing made by a first one of the plurality of suppliers from a secondone of the plurality of suppliers, the transaction record containing aplurality of data items associated with the first purchase; and storing,in the ledger of the blockchain system, a logic for enforcing one ormore data access policies, the logic being configured to control accessto at least one of the plurality of data items in the transaction recordby any given one of the plurality of suppliers based on a respectivetier in the supply chain to which the given supplier belongs, whereinthe blockchain system is configured to: (i) receive, from a third one ofthe plurality of suppliers, a request for any given one of the pluralityof data items and (ii) generate a response to the request based on atier in the supply chain of the third supplier, the response beinggenerated, at least in part, by executing the logic.
 10. The system ofclaim 9, wherein the block chain system is configured to store one ormore data structures that identify a respective tier of each of aplurality of suppliers in a supply chain.
 11. The system of claim 9,wherein generating a response to the request includes identifying a tierof the third supplier by using a consensus-building mechanism that isprovided by the blockchain system, and evaluating, based on theidentified tier, an access policy that controls access to the given dataitem.
 12. The system of claim 9, wherein the blockchain system isfurther configured to: receive a request to store the given data item;identify a public encryption key that belongs to at least one of thefirst supplier and the second supplier; generate an encryption key;encrypt the given data item with the generated encryption key to producean encrypted instance of the given data item; encrypt the generatedencryption key with the public encryption key to produce an encryptedinstance of the generated encryption key; and store the encryptedinstance of the generated encryption key and the encrypted instance ofthe given data item in a ledger of the blockchain system.
 13. The systemof claim 9, wherein generating the response includes: retrieving anencrypted instance of the given data item that is encrypted, at least inpart, by using a public key that belong to one of the first supplier andthe second supplier; decrypting the encrypted instance of the given dataitem to produce a decrypted instance of the given data item, thedecrypting being performed by using a private key that is associatedwith the public key, the private key being accessible only from withinthe blockchain system; and returning the decrypted instance of the givendata item.
 14. The system of claim 9, wherein the first supplier, thesecond supplier, and the third supplier are different suppliers.
 15. Thesystem of claim 9, wherein the tier of the third supplier indicates howfar removed is the third supplier from a finished product that isproduced by the supply chain.
 16. The system of claim 9, wherein thelogic is part of a smart contract.
 17. A non-transitorycomputer-readable medium storing one or more processor-executableinstructions which, when executed, by one or more processors cause theone or more processors to perform the operations of: storing, in aledger of a blockchain system, a transaction record containinginformation associated with a first purchase that is made in a supplychain, the supply chain including a plurality of suppliers, the firstpurchase being made by a first one of the plurality of suppliers from asecond one of the plurality of suppliers, the transaction recordcontaining a plurality of data items associated with the first purchase;and storing, in the ledger of the blockchain system, a logic forenforcing one or more data access policies, the logic being configuredto control access to at least one of the plurality of data items in thetransaction record by any given one of the plurality of suppliers basedon a respective tier in the supply chain to which the given supplierbelongs, wherein the blockchain system is configured to: (i) receive,from a third one of the plurality of suppliers, a request for any givenone of the plurality of data items and (ii) generate a response to therequest based on a tier in the supply chain of the third supplier, theresponse being generated, at least in part, by executing the logic. 18.The non-transitory computer-readable medium of claim 17, wherein theblock chain system is configured to store one or more data structuresthat identify a respective tier of each of a plurality of suppliers in asupply chain.
 19. The non-transitory computer-readable medium of claim17, wherein generating a response to the request includes identifying atier of the third supplier by using a consensus-building mechanism thatis provided by the blockchain system, and evaluating, based on theidentified tier, an access policy that controls access to the given dataitem.
 20. The non-transitory computer-readable medium of claim 17,wherein the tier of the third supplier indicates how far removed is thethird supplier from a finished product that is produced by the supplychain.